Authors : Anas Abou El Kalam, Jean-Philippe Leroy, Larbi Bessa and Jean-Marie Mahe
Abstract: Managing security and configuration in a large scale distributed network is a labor-intensive task, error prone and time-consuming. This is mainly due to the large number and the complexity of security mechanisms that need to be enforced in order to meet the security goals. The misconfiguration of a single security component out of hundreds may cause failures, mainly related to availability, integrity, confidentiality and performance. In this study, we introduce a global framework based on Common Information Model (DMTF CIM) and Model-Driven Architecture (MDA) concepts to address the problem of security policy refinement process. The main goal is to automatize, enhance and simplify the different functions related to security configuration management which is generally manually performed and qualified as a hard-task, especially for large scale networks and systems. The proposed framework includes tree levels of abstraction to bridge the gap between high-level security policies and low-level ones that represent concrete configurations. Moreover, it integrates conflicting resolution mechanisms and proposes an open source based implementation.
Anas Abou El Kalam, Jean-Philippe Leroy, Larbi Bessa and Jean-Marie Mahe, 2015. A CIM Based Security Policy Refinement Process from Security Objectives to Concrete Configurations. International Journal of Soft Computing, 10: 369-382.